nixos/{sudo, terminfo}: Adjust defaults for compatibility with sudo-rs
parent
f0107b4f63
commit
914bf58369
3 changed files with 18 additions and 7 deletions
|
@ -10,6 +10,16 @@
|
|||
|
||||
- The `nixos-rebuild` command has been given a `list-generations` subcommand. See `man nixos-rebuild` for more details.
|
||||
|
||||
- [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported.
|
||||
Switching to it (via `security.sudo.package = pkgs.sudo-rs;`) introduces
|
||||
slight changes in default behaviour, due to `sudo-rs`' current limitations:
|
||||
- terminfo-related environment variables aren't preserved for `root` and `wheel`;
|
||||
- `root` and `wheel` are not given the ability to set (or preserve)
|
||||
arbitrary environment variables.
|
||||
|
||||
[`sudo-rs`]: https://github.com/memorysafety/sudo-rs/
|
||||
|
||||
|
||||
## New Services {#sec-release-23.11-new-services}
|
||||
|
||||
- [MCHPRS](https://github.com/MCHPR/MCHPRS), a multithreaded Minecraft server built for redstone. Available as [services.mchprs](#opt-services.mchprs.enable).
|
||||
|
|
|
@ -16,7 +16,10 @@ with lib;
|
|||
};
|
||||
|
||||
security.sudo.keepTerminfo = mkOption {
|
||||
default = true;
|
||||
default = config.security.sudo.package.pname != "sudo-rs";
|
||||
defaultText = literalMD ''
|
||||
`true` unless using `sudo-rs`
|
||||
'';
|
||||
type = types.bool;
|
||||
description = lib.mdDoc ''
|
||||
Whether to preserve the `TERMINFO` and `TERMINFO_DIRS`
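Review bot: The new default for `security.sudo.keepTerminfo` reads `config.security.sudo.package.pname` with no fallback, so evaluation fails for a package that only sets `name`. A wrapped or renamed sudo-rs build would also get `true` again. A tolerant form is `default = (config.security.sudo.package.pname or "") != "sudo-rs";`. Better still, reuse the `usingMillersSudo` predicate that the sudo module uses (it is defined outside this page), so both defaults flip on the same condition. Because this option decides whether `TERMINFO` and `TERMINFO_DIRS` survive the switch to root, I would also add a comment above the default explaining why it depends on the implementation.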
|
||||
|
|
|
@ -40,7 +40,10 @@ in
|
|||
|
||||
defaultOptions = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [ "SETENV" ];
|
||||
default = optional usingMillersSudo "SETENV";
|
||||
defaultText = literalMD ''
|
||||
`[ "SETENV" ]` if using the default `sudo` implementation
|
||||
'';
|
||||
description = mdDoc ''
|
||||
Options used for the default rules, granting `root` and the
|
||||
`wheel` group permission to run any command as any user.
|
||||
|
@ -204,11 +207,6 @@ in
|
|||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = usingMillersSudo;
|
||||
message = "The NixOS `sudo` module does not yet work with other implementations."; }
|
||||
];
|
||||
|
||||
security.sudo.extraRules =
|
||||
let
|
||||
defaultRule = { users ? [], groups ? [], opts ? [] }: [ {
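Review bot: Deleting the `usingMillersSudo` assertion leaves no evaluation-time guard for a configuration that selects sudo-rs and still sets `defaultOptions = [ "SETENV" ]` explicitly, or carries `SETENV` in its own rules. The release note says sudo-rs cannot currently grant this, so such a setup presumably fails only when the sudoers file is checked or used. That is a bad place to discover it for the rule that gives `root` and `wheel` their access. Consider narrowing the assertion instead of removing it, e.g. `{ assertion = usingMillersSudo || !(elem "SETENV" cfg.defaultOptions); message = "SETENV is not supported by this sudo implementation."; }`. The `defaultText` in the earlier hunk should also state the other case, e.g. "otherwise `[ ]`". The `config` block continues past the end of this hunk, so there may be a sudoers validation step that is not visible here.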
|
||||
|
|